Major FEMA privacy incident reveals data from 2.5 million survivors of disaster



[ad_1]

The Federal Emergency Management Agency shared the personal addresses and bank information of more than 2 million US survivors of disasters, as part of what it acknowledged Friday as a "major incident of Protection of private life".

The recently discovered data breach, which is the subject of a report by the Office of the Inspector General of the Department of Homeland Security, occurred when the organization shared sensitive and personally identifiable information about victims of homelessness. disasters that have used FEMA's transitional housing assistance program, according to FEMA officials. Among those affected are the victims of the California wildfires in 2017 and hurricanes Harvey, Irma and Maria, the report says.

In a statement, Lizzie Litzow, FEMA press officer, said the violation had occurred because "FEMA had provided more information than was necessary" when transferring information about the survivors to a contractor.

"We believe that this excessive sharing has affected approximately 2.5 million disaster survivors," said a Homeland Security Department official who asked for anonymity to provide background information beyond the statement. official FEMA.

He added that 1.8 million people had both their bank details and their addresses revealed and that about 725,000 people simply had their shared address.

It is not clear whether the data breach has led to identity theft or other malicious actions, he said.

"We have no information that it was compromised in a prejudicial way," said the DHS official.

The report of the Inspector General said that the accident of privacy threatened the victims of "identity theft and fraud". The report, dated March 15, estimated the number of people affected at 2.3 million, slightly less than the estimate provided by the DHS official on Friday.

The Inspector General's report indicated to FEMA that it needed to put in place controls to ensure that this data would not continue to be shared with subcontractors and that the agency needed to assess the extent of the breach and ensure that the data contained in the subcontractor's system were destroyed.

In the report of the Inspector General, FEMA stated that once aware of the problem, the agency had installed a data filter in December to prevent any unnecessary personal data from survivors to leave his system. FEMA also indicated in its report that since the implementation of its new procedures, it had twice sent in internal security experts to carry out on-site inspections of its network.

Litzow said FEMA has taken "aggressive measures to correct this mistake. FEMA no longer shares unnecessary data with the contractor and has conducted a detailed review of its information system. "

FEMA refused to identify the contractor.

Litzow said FEMA was working with the contractor to remove unnecessary data from his system. As an added measure, Litzow said, FEMA has contracted staff to take additional training on privacy protection.

"This is unacceptable and FEMA needs to demonstrate that it will do better in the future," said Bennie Thompson (D-Miss), chair of the House Homeland Security committee. "Protecting the information of Americans who are already suffering from a disaster should be of utmost importance."

[ad_2]

Source link